
MPLS-VPN Basic Configuration (Cisco Devices)

2019-11-05 00:03:44
Source: reposted
Contributed by: site user

  Introduction
  This document provides a sample configuration of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) over ATM when Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) is present on the customer's site.
  
  When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.
  
  Each VPN is associated with one or more VPN routing or forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, and a set of interfaces that use this forwarding table.
  
  The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.
  
  Routers running Multiprotocol BGP (MP-BGP) distribute the VPN routing information using the MP-BGP extended communities.
  
  For more information regarding the propagation of updates through a VPN, see the following URLs:
  
  VPN Route Target Communities
  
  BGP Distribution of VPN Routing Information
  
  MPLS Forwarding
  Conventions
  The letters below represent the different types of routers and switches used.
  P : Provider's core router
  
  PE : Provider's edge router
  
  CE : Customer's edge router
  
  C : Customer's router
  This diagram shows a typical configuration illustrating the conventions outlined above.
  
 

  Hardware and Software Versions
  This configuration was developed and tested using the software and hardware versions shown below.
  P and PE routers:
  
  Software - Cisco IOS® Software Release 12.1(3)T. Release 12.0(5)T includes the MPLS VPN feature.
  
  Hardware - Any Cisco router from the 3600 series or higher, such as the Cisco 3660 or 7206.
  
  C and CE routers: You can use any router that can exchange routing information with its PE router.
  
  Network Diagram
  

  Configuration Procedures
  
  Enabling ip cef
  Make sure that ip cef is enabled. For improved performance, use ip cef distributed (where available). Complete the following steps on the PEs after MPLS has been set up (configuring tag-switching ip on the interfaces).
  
  Create one VRF for each VPN connected using the ip vrf command. When doing this:
  
  Specify the correct route distinguisher used for that VPN. This is used to extend the IP address so that you can identify which VPN it belongs to.
  
  rd
  Set up the import and export properties for the MP-BGP extended communities. These are used for filtering the import and export process.
  
  route-target [export|import|both]
  Configure the forwarding details for the respective interfaces using the following command.
  
  ip vrf forwarding
  Remember to set up the IP address after doing this.
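
  One way to audit the route-target settings described above across several PE routers (an added example, not part of the original document or of any Cisco tool). It assumes each customer uses the same VRF name on every PE, as in this document; the sample stanzas, the planted extra import and the function names are constructed for illustration, and an intentional extranet import would be reported in the same way.

```python
import re

# Constructed input: VRF stanzas in the style of this page's PE configs. The
# extra "import 100:2000" under Customer_A on Pesaro is a planted mistake.
CONFIGS = {
    "Pescara": """ip vrf Customer_A
 rd 100:110
 route-target export 100:1000
 route-target import 100:1000
ip vrf Customer_B
 rd 100:120
 route-target both 100:2000
""",
    "Pesaro": """ip vrf Customer_A
 rd 100:110
 route-target export 100:1000
 route-target import 100:1000
 route-target import 100:2000
ip vrf Customer_B
 rd 100:120
 route-target both 100:2000
""",
}

def parse_vrfs(text):
    """Map each 'ip vrf NAME' stanza to its imported and exported route targets."""
    vrfs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif cur and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for d in ("import", "export") if m[1] == "both" else (m[1],):
                cur[d].add(m[2])
    return vrfs

def find_leaks(configs):
    """List (pe, vrf, rt, exporting_vrfs) where a VRF imports another VRF's RT."""
    parsed = {pe: parse_vrfs(text) for pe, text in configs.items()}
    exporters = {}  # route target -> names of VRFs exporting it on any PE
    for vrfs in parsed.values():
        for name, v in vrfs.items():
            for rt in v["export"]:
                exporters.setdefault(rt, set()).add(name)
    return [(pe, name, rt, sorted(exporters[rt] - {name}))
            for pe, vrfs in parsed.items() for name, v in vrfs.items()
            for rt in sorted(v["import"]) if exporters.get(rt, set()) - {name}]

for leak in find_leaks(CONFIGS):
    print("cross-VPN import:", leak)
```

  Because the parser attaches each route-target line to the most recent ip vrf header, it also works on listings that have lost their indentation, such as the ones printed further down.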
  
  
  Depending on the PE-CE routing protocol you are using, you can configure static routes or routing protocols (RIP, Open Shortest Path First [OSPF], or BGP) between PE and CE. Detailed configurations are available on the MPLS over ATM Support Page.
  Configuring MP-BGP
  Configure MP-BGP between the PE routers. There are several ways to configure BGP, such as using the route reflector or confederation methods. The method used here, direct neighbor configuration, is the simplest and the least scalable.
  
  Declare the different neighbors.
  
  Enter the address-family ipv4 vrf command for each VPN present at this PE router. Carry out one or more of the following steps, as necessary:
  
  Redistribute the static routing, RIP, or OSPF information.
  
  Redistribute connected routing information.
  
  Activate BGP neighboring with the CE routers.
  
  Enter the address-family vpnv4 mode, and complete the following steps:
  
  Activate the neighbors.
  
  Specify that extended community must be used. This is mandatory.
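
  A check for the last two steps above, activation and extended communities under address-family vpnv4 (an added example, not part of the original document). It assumes every neighbor declared at the global router bgp level is a PE peer, as in this document; the BGP sections are constructed samples and the function name is hypothetical.

```python
import re

# Constructed input: BGP sections modelled on this page's PE configs. On Pesaro
# the send-community line is deliberately weakened to standard communities.
CONFIGS = {
    "Pescara": """router bgp 100
 neighbor 10.10.10.6 remote-as 100
 neighbor 10.10.10.6 update-source Loopback0
 address-family vpnv4
 neighbor 10.10.10.6 activate
 neighbor 10.10.10.6 send-community both
 exit-address-family
""",
    "Pesaro": """router bgp 100
 neighbor 10.10.10.4 remote-as 100
 neighbor 10.10.10.4 update-source Loopback0
 address-family vpnv4
 neighbor 10.10.10.4 activate
 neighbor 10.10.10.4 send-community
 exit-address-family
""",
}

def audit_vpnv4(text):
    """Return sorted (neighbor, problem) pairs for one PE's BGP configuration."""
    declared, active, extended, af = set(), set(), set(), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("address-family "):
            af = line.split()[1]          # e.g. "vpnv4" or "ipv4"
        elif line == "exit-address-family":
            af = None
        elif m := re.fullmatch(r"neighbor (\S+) (\S+) ?(.*)", line):
            peer, cmd, arg = m.groups()
            if af is None and cmd == "remote-as":
                declared.add(peer)        # assumption: global neighbors are PE peers
            elif af == "vpnv4" and cmd == "activate":
                active.add(peer)
            elif af == "vpnv4" and cmd == "send-community" and arg in ("extended", "both"):
                extended.add(peer)
    problems = [(p, "not activated under vpnv4") for p in declared - active]
    problems += [(p, "extended communities not sent") for p in active - extended]
    return sorted(problems)

for pe, text in CONFIGS.items():
    print(pe, audit_vpnv4(text) or "ok")
```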
  Configurations
  Configuration commands specific to Customer_A are in red, to Customer_B in blue, and to both in fuchsia.
  ---------------------------------------------------------------------------------------
  Pescara
  ---------------------------------------------------------------------------------------
  Current configuration:
  !

  version 12.0
  !
  hostname Pescara
  !
  ip cef
  !
  ip vrf Customer_A
  rd 100:110
  route-target export 100:1000
  route-target import 100:1000
  !
  ip vrf Customer_B
  rd 100:120
  route-target export 100:2000
  route-target import 100:2000
  !
  clns routing
  mpls traffic-eng tunnels
  !
  interface Loopback0
  ip address 10.10.10.4 255.255.255.255
  ip router isis
  clns router isis
  !
  interface Loopback101
  ip vrf forwarding Customer_A
  ip address 200.0.4.1 255.255.255.0
  no ip directed-broadcast
  !
  interface Loopback102
  ip vrf forwarding Customer_B
  ip address 200.0.4.1 255.255.255.0
  no ip directed-broadcast
  !
  interface Serial0/1
  no ip address
  no ip directed-broadcast
  encapsulation frame-relay
  no fair-queue
  !
  interface Serial0/1.1 point-to-point
  description link to Pauillac
  bandwidth 512
  ip address 10.1.1.14 255.255.255.252
  no ip directed-broadcast
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 401
  !
  router isis
  net 49.0001.0000.0000.0004.00
  is-type level-1
  !
  router bgp 100
  bgp log-neighbor-changes
  neighbor 10.10.10.6 remote-as 100
  neighbor 10.10.10.6 update-source Loopback0
  !
  address-family vpnv4
  neighbor 10.10.10.6 activate
  neighbor 10.10.10.6 send-community both
  exit-address-family
  !
  address-family ipv4 vrf Customer_B
  redistribute connected
  no auto-summary
  no synchronization
  exit-address-family
  !
  address-family ipv4 vrf Customer_A
  redistribute connected
  no auto-summary
  no synchronization
  exit-address-family
  !
  ip classless
  !
  end
  ---------------------------------------------------------------------------------------
  Pesaro
  ---------------------------------------------------------------------------------------
  Current configuration:
  !
  version 12.1
  !
  hostname Pesaro
  !
  ip vrf Customer_A
  rd 100:110
  route-target export 100:1000
  route-target import 100:1000
  !
  ip vrf Customer_B
  rd 100:120
  route-target export 100:2000
  route-target import 100:2000
  !
  ip cef
  clns routing
  !
  !
  interface Loopback0
  ip address 10.10.10.6 255.255.255.255
  ip router isis
  clns router isis
  !
  interface Loopback101
  ip vrf forwarding Customer_A
  ip address 200.0.6.1 255.255.255.0
  !
  interface Loopback102
  ip vrf forwarding Customer_B
  ip address 200.0.6.1 255.255.255.0
  !

  interface Loopback111
  ip vrf forwarding Customer_A
  ip address 200.1.6.1 255.255.255.0
  !
  interface Serial0/0
  no ip address
  encapsulation frame-relay
  no ip mroute-cache
  random-detect
  !
  interface Serial0/0.1 point-to-point
  description link to Pomerol
  bandwidth 512
  ip address 10.1.1.22 255.255.255.252
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 603
  !
  router isis
  net 49.0001.0000.0000.0006.00
  is-type level-1
  !
  router bgp 100
  neighbor 10.10.10.4 remote-as 100
  neighbor 10.10.10.4 update-source Loopback0
  !
  address-family ipv4 vrf Customer_B
  redistribute connected
  no auto-summary
  no synchronization
  exit-address-family
  !
  address-family ipv4 vrf Customer_A
  redistribute connected
  no auto-summary
  no synchronization
  exit-address-family
  !
  address-family vpnv4
  neighbor 10.10.10.4 activate
  neighbor 10.10.10.4 send-community both
  exit-address-family
  !
  ip classless
  !
  end
  ---------------------------------------------------------------------------------------
  Pomerol
  ---------------------------------------------------------------------------------------
  Current configuration:
  !
  version 12.0
  !
  hostname Pomerol
  !
  ip cef
  clns routing
  !
  interface Loopback0
  ip address 10.10.10.3 255.255.255.255
  ip router isis
  clns router isis
  !
  interface Serial0/1
  no ip address
  no ip directed-broadcast
  encapsulation frame-relay
  random-detect
  !
  interface Serial0/1.1 point-to-point
  description link to Pauillac
  ip address 10.1.1.6 255.255.255.252
  no ip directed-broadcast
  ip router isis
  tag-switching mtu 1520
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 301
  !
  interface Serial0/1.2 point-to-point
  description link to Pulligny
  ip address 10.1.1.9 255.255.255.252
  no ip directed-broadcast
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 302
  !
  interface Serial0/1.3 point-to-point
  description link to Pesaro
  ip address 10.1.1.21 255.255.255.252
  no ip directed-broadcast
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 306
  !
  router isis
  net 49.0001.0000.0000.0003.00
  is-type level-1
  !
  ip classless
  !
  end
  ---------------------------------------------------------------------------------------
  Pulligny
  ---------------------------------------------------------------------------------------
  Current configuration:
  !

  version 12.1
  !
  hostname Pulligny
  !
  !
  ip cef
  clns routing
  cns event-service server
  !
  !
  interface Loopback0
  ip address 10.10.10.2 255.255.255.255
  !
  interface Serial0/1
  no ip address
  encapsulation frame-relay
  random-detect
  !
  interface Serial0/1.1 point-to-point
  description link to Pauillac
  ip address 10.1.1.2 255.255.255.252
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 201
  !
  interface Serial0/1.2 point-to-point
  description link to Pomerol
  ip address 10.1.1.10 255.255.255.252
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 203
  !
  router isis
  passive-interface Loopback0
  net 49.0001.0000.0000.0002.00
  is-type level-1
  !
  ip classless
  !
  end
  ---------------------------------------------------------------------------------------
  Pauillac
  ---------------------------------------------------------------------------------------
  !
  version 12.1
  !
  hostname pauillac
  !
  ip cef
  clns routing
  cns event-service server
  !
  interface Loopback0
  ip address 10.10.10.1 255.255.255.255
  ip router isis
  clns router isis
  !
  interface Serial0/0
  no ip address
  encapsulation frame-relay
  no ip mroute-cache
  tag-switching ip
  no fair-queue
  !
  interface Serial0/0.1 point-to-point
  description link to Pomerol
  bandwidth 512
  ip address 10.1.1.1 255.255.255.252
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 102
  !
  interface Serial0/0.2 point-to-point
  description link to Pulligny
  ip address 10.1.1.5 255.255.255.252
  ip access-group 150 out
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 103
  !
  interface Serial0/0.3 point-to-point
  description link to Pescara
  bandwidth 512
  ip address 10.1.1.13 255.255.255.252
  ip router isis
  tag-switching ip
  clns router isis
  frame-relay interface-dlci 104
  !
  router isis
  net 49.0001.0000.0000.0001.00
  is-type level-1
  !
  ip classless
  !
  end
  
  **************************************************
  show Commands
  The following commands are illustrated below:
  show ip vrf
  show ip vrf interfaces
  show ip route vrf Customer_A
  traceroute vrf Customer_A 200.0.6.1
  Other interesting commands (not illustrated here) include:
  show ip bgp vpnv4 tag
  show ip cef vrf Customer_A 200.0.6.1 detail
  More commands are detailed in the MPLS VPN Solution Troubleshooting Guide.
  Sample show Output
  You can use the following command to verify that the correct VRF exists:
  Pescara#show ip vrf
  Name                             Default RD          Interfaces
  Customer_A                       100:110             Loopback101
  Customer_B                       100:120             Loopback102
  
  To check the activated interfaces, use the following command.
  Pesaro#show ip vrf interfaces
  Interface              IP-Address      VRF                              Protocol
  Loopback101            200.0.6.1       Customer_A                       up
  Loopback111            200.1.6.1       Customer_A                       up
  Loopback102            200.0.6.1       Customer_B                       up
  
  Routing Information
  You can check routing information on the PE routers using the show ip route command followed by vrf and the VRF name.
  Pescara#show ip route vrf Customer_A
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  
  Gateway of last resort is not set
  
  C 200.0.4.0/24 is directly connected, Loopback101
  B 200.0.6.0/24 [200/0] via 10.10.10.6, 05:10:11
  B 200.1.6.0/24 [200/0] via 10.10.10.6, 04:48:11
  
  MPLS Labels
  By running a traceroute between two sites of Customer_A, it is possible to see the label stack used by the MPLS network (if it is configured to do so by mpls ip ttl ...).
  Pescara#traceroute vrf Customer_A 200.0.6.1
  
  Type escape sequence to abort.
  Tracing the route to 200.0.6.1
  
  1 10.1.1.13 [MPLS: Labels 20/26 Exp 0] 400 msec 276 msec 264 msec
  2 10.1.1.6 [MPLS: Labels 18/26 Exp 0] 224 msec 460 msec 344 msec
  3 200.0.6.1 108 msec * 100 msec
  
  Note: Exp 0 is an experimental field used for Quality of Service.
